STIGQter STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021:

The IBM RACF classes required to properly secure the z/OS UNIX environment must be ACTIVE.

DISA Rule

SV-223850r604139_rule

Vulnerability Number

V-223850

Group Title

SRG-OS-000326-GPOS-00126

Rule Version

RACF-US-000130

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Define the ACTIVE CLASS Parameter in SETROPTS to include the FACILITY, SURROGAT and UNIXPRIV resource classes.

EXAMPLES:
SETR CLASSACT(FACILITY SURROGAT UNIXPRIV)

SETR GENERIC(FACILITY SURROGAT UNIXPRIV)
SETR GENCMD(FACILITY SURROGAT UNIXPRIV)

SETR RACL(FACILITY SURROGAT UNIXPRIV)

Check Contents

From the ISPF Command Shell enter:
SETRopts list

If the ACTIVE CLASSES list includes entries for the FACILITY, SURROGAT, and UNIXPRIV resource classes, this is not a finding.

If either of the above resource classes is missing, this is a finding.

Vulnerability Number

V-223850

Documentable

False

Rule Version

RACF-US-000130

Severity Override Guidance

From the ISPF Command Shell enter:
SETRopts list

If the ACTIVE CLASSES list includes entries for the FACILITY, SURROGAT, and UNIXPRIV resource classes, this is not a finding.

If either of the above resource classes is missing, this is a finding.

Check Content Reference

M

Target Key

4101

Comments